X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Ftemplates%2Feximconf.erb;h=c619856cef0b6cfb8cbe2b9edc573ff2a0d34de9;hb=a1dd5aff5fcc24d382c60a32a56bf6797b444d02;hp=af0e177a8d73d48ce1a0734597b09f315c7b723e;hpb=f50a3a803d19af29ca27e271b193cbddcad5f92e;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index af0e177a8..c619856ce 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -27,10 +27,6 @@
# is much like a local domain, execpt that the delivery location
# and allowed set of users is controlled by a virtual domain
# alias file and not /etc/passwd. Wildcards are permitted
-# relayhosts - Hostnames that can send any arbitarily addressed mail to
-# us. This is primarily only useful for emergency 'queue
-# flushing' operations, but should be populated with a list
-# of trusted machines. Wildcards are not permitted
# bsmtp_domains - Domains that we deliver locally via bsmtp
# submission-domains - Domains for which mail will be accepted via the
# submission port
@@ -266,6 +262,7 @@ tls_advertise_hosts = *
smtp_enforce_sync = true
log_selector = \
+ +subject \
+tls_cipher \
+tls_peerdn \
+queue_time \
@@ -306,7 +303,14 @@ GREYLIST_LOCAL_PARTS = ${if match_domain{$domain}{+virtual_domains}\
{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/grey_users}}}{$local_part}{}}}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/grey_users}{$local_part}{}}}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-greylist}{$local_part}{}}
-HAS_DEFAULT_OPTIONS = ${if eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}
+# Users from LDAP can decide whether to subscribe to default filtering.
+# If a user has not explicitly disabled the option, the assumption is in
+# favour of filtering.
+HAS_DEFAULT_OPTIONS = ${if and {\
+ {eq{${lookup{$local_part}dbmnz{/var/lib/misc/$primary_hostname/default-mail-options.db}{$value}{TRUE}}}{TRUE}}\
+ {exists{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}\
+ {! eq {${lookup{$local_part}dbmnz{${extract{directory}{VDOMAINDATA}{${value}/mail-forward.db}}}}}{}}\
+ }}
<%- if @is_rtmaster -%>
# This subject rewrite is embedded in double-quoted strings. As such, some of
# the items need more escaping than usual, otherwise \N becomes simply "N" and
@@ -601,6 +605,15 @@ check_recipient:
message = Different profile, please retry
log_message = Only one profile at a time, please
+ warn set acl_m_rdefopt = ${if bool_lax{HAS_DEFAULT_OPTIONS}}
+
+ warn condition = ${if eq{$acl_m_defopt}{}}
+ set acl_m_defopt = $acl_m_rdefopt
+
+ defer condition = ${if !eq{$acl_m_defopt}{$acl_m_rdefopt}}
+ message = Different profile, please retry
+ log_message = Only one default options profile at a time, please
+
# Set a flag to indicate whether the current recipient
# has explicitly requested greylisting
warn set acl_m_grey_recip = 0
@@ -1055,6 +1068,30 @@ check_message:
condition = ${if !eq {$acl_m_prf}{PopconMail}}
message = Your mailer is not RFC 2047 compliant: message rejected
+ discard condition = ${if eq {$acl_m_prf}{blackhole}}
+ condition = ${if bool_lax{$acl_m_defopt}}
+ condition = ${if or {\
+ {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \
+ }\
+ }
+ log_message = Discarded suspicious content for $recipients
+
+ deny condition = ${if !eq {$acl_m_prf}{markup}}
+ condition = ${if bool_lax{$acl_m_defopt}}
+ condition = ${if or {\
+ {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \
+ }\
+ }
+ message = Rejected due to suspicious content
+
+ warn condition = ${if eq {$acl_m_prf}{markup}}
+ condition = ${if bool_lax{$acl_m_defopt}}
+ condition = ${if or {\
+ {match {$message_body}{Wenn Sie zukünftig keine weiteren Informationen erhalten möchten,
unwissentlich oder unbeabsichtigt in den Verteiler aufgenommen wurden,}} \
+ }\
+ }
+ add_header = X-debian-content-warning: yes
+
<%- if has_variable?("clamd") && @clamd -%>
discard condition = ${if eq {$acl_m_prf}{blackhole}}
malware = */defer_ok
@@ -1483,7 +1520,11 @@ virt_direct_verify:
modemask = 002
directory_transport = address_directory
domains = +virtual_domains
+<%- if @is_trackermaster -%>
+ local_part_suffix = +*
+<%- else -%>
local_part_suffix = -*
+<%- end -%>
local_part_suffix_optional
file = $home/.forward-\
${if exists {${home}/.forward-${local_part}}{${local_part}}\
@@ -1513,7 +1554,11 @@ virt_direct:
group = ${extract{group}{VDOMAINDATA}}
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
modemask = 002
+<%- if @is_trackermaster -%>
+ local_part_suffix = +*
+<%- else -%>
local_part_suffix = -*
+<%- end -%>
local_part_suffix_optional
pipe_transport = address_pipe
reply_transport = address_reply